Hades Ransomware

Malware updated 8 days ago (2024-11-29T14:15:29.382Z)
Download STIX
Preview STIX
Hades ransomware is a variant of the WastedLocker malware, which is designed to exploit and damage computers or devices. It was observed by CTU researchers being used in conjunction with Advanced Port Scanner, MegaSync, and Malleable C2 tools in various cyberattack incidents. These tools have been linked to other ransomware operations such as Snatch, Pysa, Nefilim, Darkside, and Defray. The Hades ransomware operates by infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge, and then encrypting files, disrupting operations, or stealing personal information. The operators of Hades ransomware employ distinctive tactics and infrastructure, as reported on June 15, 2021. One significant change made by the group known as INDRIK SPIDER to the WastedLocker-derived Hades ransomware variant is that it now stores key information within each encrypted file rather than in the ransom note. This modification makes it harder for victims to recover their data without paying the ransom. The ransomware also leaves a ransom note and directs victims to a Tor site for payment processing. Despite these changes, Hades ransomware shares most of its functionality with the original WastedLocker. The ISFB-inspired static configuration, multi-staged persistence/installation process, file/directory enumeration, and encryption functionality remain largely unchanged. This continuity suggests that while the Hades variant has evolved in certain respects, it still relies heavily on the successful components of its predecessor.
Description last updated: 2024-05-05T11:57:06.847Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Hades Threat Actor is associated with Hades Ransomware. Hades is a significant threat actor that has been active in the cybersecurity landscape, particularly associated with ransomware attacks. The group uses distinctive tactics and infrastructure, as noted by CTU researchers in June 2021. Hades ransomware operators have been observed using Advanced PortUnspecified
2
Source Document References
Information about the Hades Ransomware Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more